8.1
CVE-2024-11700 - firefox: thunderbird: Potential Tapjacking Exploit for Intent Confirmation on Android
Malicious websites may have been able to perform user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 1β¦
4.3
CVE-2024-11701 - firefox: thunderbird: Misleading Address Bar State During Navigation Interruption
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
8.8
CVE-2024-11691 - firefox: thunderbird: Memory corruption in Apple GPU drivers
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox β¦
4.3
CVE-2024-9929 -
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.
5.3
CVE-2024-9928 -
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only β¦
5.5
CVE-2024-52337 - Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick theβ¦
7.8
CVE-2024-52336 - Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit aβ¦
6.5
CVE-2024-38834 - Stored cross-site scripting vulnerability (CVE-2024-38834)
VMware Aria Operations contains a stored cross-site scripting vulnerability.Β A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
6.8
CVE-2024-38833 - Stored cross-site scripting vulnerability (CVE-2024-38833)
VMware Aria Operations contains a stored cross-site scripting vulnerability.Β A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
7.1
CVE-2024-38832 - Stored cross-site scripting vulnerability (CVE-2024-38832)
VMware Aria Operations contains a stored cross-site scripting vulnerability.Β A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.